This document describes how to set up and use OS inventory management. For an overview of OS inventory management, see OS inventory management.
Use OS inventory management to collect and view operating system details for your virtual machine (VM) instances. These operating system details include information such as hostname, operating system, and kernel version. You can also get information about installed OS packages, available OS package updates, and OS vulnerabilities. For a list of common scenarios for using OS inventory management, review When to use OS inventory management.
Before you begin
- Review OS Config quotas.
-
If you haven't already, set up authentication.
Authentication is
the process by which your identity is verified for access to Google Cloud services and APIs.
To run code or samples from a local development environment, you can authenticate to
Compute Engine as follows.
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
-
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
- Set a default region and zone.
REST
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
-
Supported operating systems
For the full list of operating systems and versions that support OS inventory management, see Operating system details.
Required roles and permissions
To get the permissions that you need to list and describe inventory data,
ask your administrator to grant you the
OS Inventory Viewer(roles/osconfig.inventoryViewer)
IAM role on the project.
For more information about granting roles, see Manage access.
You might also be able to get the required permissions through custom roles or other predefined roles.
Set up your VM
Before you can use OS inventory management, you need to configure your VMs to use the feature. To configure your VMs to use OS inventory management, set up VM Manager.
After setting up VM Manager on your VMs, you can then view OS inventory data and vulnerability reports.
View OS inventory data
To view OS inventory data, use one of the following methods:
View OS inventory data for a VM
You can use the Google Cloud console, gcloud CLI or OS Config API to view OS information for a specific VM.
Console
To view OS vulnerabilities and information about installed packages on a VM by using the Google Cloud console, perform the following steps:
- In the Google Cloud console, go to the VM instances page.
- Click the name of the instance for which you want to view the OS information. The Instance details page appears.
- Click the OS info tab.
To view OS inventory data, you must enable VM Manager. If Google Cloud console prompts you to enable VM Manager, select one of the following options:- Enable for current project: enables VM Manager for all VMs in the selected project
- Enable for this VM: enables VM Manager only for the selected VM
- Review the list of OS vulnerabilities and installed packages in the OS info tab.
- Optional: If updates are available for any of the installed packages,
then select the package names and click Apply updates.
The Patch page appears. For more information about using the Patch feature in VM Manager, see Create patch jobs.
gcloud
To view inventory details for a specific VM, run the
os-config inventories describe command:
gcloud compute os-config inventories describe VM_NAME \
--location=ZONE \
--view=VIEW
Replace the following:
VM_NAME: the name for your VMZONE: the zone where the VM instance is locatedVIEW: the type of output information that is required. The following view types are available:basic: displays only OS informationfull: displays information about both OS and packagesIf unspecified, the default is
basic.
Example (basic view)
gcloud compute os-config inventories describe vm1-centos \ --location=us-central1-c
Example output
architecture: x86_64 hostname: vm1-centos kernelRelease: 3.10.0-1160.92.1.el7.x86_64 kernelVersion: '#1 SMP Tue Jun 20 11:48:01 UTC 2023' longName: CentOS Linux 7 (Core) osconfigAgentVersion: 20230504.00-g1.el7 shortName: centos updateTime: '2023-07-26T17:03:50Z' version: '7'
Example (full view)
gcloud compute os-config inventories describe vm1-centos \ --location=us-central1-c \ --view=full
Linux example output
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Installed Packages (Yum) โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ PACKAGE_NAME โ ARCHITECTURE โ VERSION โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ GeoIP โ x86_64 โ 1.5.0-13.el7 โ โ NetworkManager โ x86_64 โ 1:1.12.0-8.el7_6 โ โ NetworkManager-libnm โ x86_64 โ 1:1.12.0-8.el7_6 โ โ NetworkManager-team โ x86_64 โ 1:1.12.0-8.el7_6 โ โ NetworkManager-tui โ x86_64 โ 1:1.12.0-8.el7_6 โ โ acl โ x86_64 โ 2.2.51-14.el7 โ โ yum-cron โ all โ 3.4.3-161.el7.centos โ โ yum-metadata-parser โ x86_64 โ 1.1.4-10.el7 โ โ yum-plugin-fastestmirror โ all โ 1.1.31-50.el7 โ โ zlib โ x86_64 โ 1.2.7-18.el7 โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Package Updates Available (Yum) โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ PACKAGE_NAME โ ARCHITECTURE โ VERSION โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ GeoIP โ x86_64 โ 1.5.0-14.el7 โ โ NetworkManager โ x86_64 โ 1:1.18.8-2.el7_9 โ โ NetworkManager-libnm โ x86_64 โ 1:1.18.8-2.el7_9 โ โ NetworkManager-team โ x86_64 โ 1:1.18.8-2.el7_9 โ โ yum-cron โ all โ 3.4.3-168.el7.centos โ โ yum-plugin-fastestmirror โ all โ 1.1.31-54.el7_8 โ โ zlib โ x86_64 โ 1.2.7-19.el7_9 โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ architecture: x86_64 hostname: vm1-centos kernelRelease: 3.10.0-957.1.3.el7.x86_64 kernelVersion: '#1 SMP Thu Nov 29 14:49:43 UTC 2018' longName: CentOS Linux 7 (Core) osconfigAgentVersion: 20230504.00-g1.el7 shortName: centos updateTime: '2021-05-11T22:21:52.323Z' version: '7'
Windows example output
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Installed Packages (GooGet) โ โโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโค โ PACKAGE_NAME โ ARCHITECTURE โ VERSION โ โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโค โ google-osconfig-agent โ x86_64 โ 20210415.4.0+win@1 โ โโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Installed Packages (Windows Update Agent) โ โโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโค โ TITLE โ CATEGORIES โ KB_ARTICLE_IDS โ SUPPORT_URL โ โโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโค โ title โ C1, C2 โ 4589208 โ url.com โ โโโโโโโโโดโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Installed Packages (Quick Fix Engineering) โ โโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโค โ CAPTION โ DESCRIPTION โ HOT_FIX_ID โ INSTALL_TIME โ โโโโโโโโโโโผโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโค โ caption โ Security Update โ KB4470788 โ 2019-03-12T00:00:00Z โ โโโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Installed Packages (Windows Application) โ โโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโค โ DISPLAY_NAME โ DISPLAY_VERSION โ PUBLISHER โ INSTALL_DATE โ โโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโค โ PowerShell 7-x64 โ 7.0.2.0 โ Microsoft Corporation โ 2021-06-08 โ โโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Package Updates Available (GooGet) โ โโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโค โ PACKAGE_NAME โ ARCHITECTURE โ VERSION โ โโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโค โ google-osconfig-agent โ x86_64 โ 20210415.4.0+win@1 โ โโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Package Updates Available (Windows Update Agent) โ โโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโค โ TITLE โ CATEGORIES โ KB_ARTICLE_IDS โ SUPPORT_URL โ โโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโค โ title โ C1, C2 โ 4589208 โ url.com โ โโโโโโโโโดโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ Package Updates Available (Quick Fix Engineering) โ โโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโค โ CAPTION โ DESCRIPTION โ HOT_FIX_ID โ INSTALL_TIME โ โโโโโโโโโโโผโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโค โ caption โ Security Update โ KB4470788 โ 2019-03-12T00:00:00Z โ โโโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโ architecture: x86_64 hostname: vm3-windows kernelRelease: 10.0.17763.1817 kernelVersion: 10.0.17763.1817 (WinBuild.160101.0800) longName: Microsoft Windows Server 2019 Datacenter osconfigAgentVersion: 20210901.00.0+win@1 shortName: windows updateTime: '2021-09-12T22:14:35Z' version: 10.0.17763
REST
To view inventory details for a specific VM, create a GET request to the
projects.locations.instances.inventories.get method.
GET https://osconfig.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/instances/INSTANCE/inventory
Replace the following:
PROJECT_ID: your project IDZONE: the zone where the VM instance is locatedINSTANCE: specify either the instance ID or the name for your VM
View OS inventory data for VMs in a specific zone
You can use gcloud CLI or OS Config API to view the OS information for VMs in a specific zone.
gcloud
To view a list of inventory data for VMs in a specific zone, run the
os-config inventories list command.
gcloud compute os-config inventories list \
--location=ZONE \
--view=VIEW
Replace the following:
ZONE: the zone where the VM is locatedVIEW: the type of output information that is required. The following view types are available:basic: displays only OS informationfull: displays information about both OS and packagesIf unspecified, the default is
basic.
Example (basic view)
gcloud compute os-config inventories list \ --location=us-central1-c
The output is similar to the following:
INSTANCE_ID INSTANCE_NAME OS OSCONFIG_AGENT_VERSION UPDATE_TIME 29255009728795105 vm1-centos CentOS Linux 7 (Core) 20230504.00-g1.el7 2023-07-26T16:53:49Z 5138980234596718741 vm2-rhel8 Red Hat Enterprise Linux 8.8 (Ootpa) 20230504.00-g1.el8 2023-07-26T16:55:33Z 7127836223366142250 vm3-windows Microsoft Windows Server 2022 Datacenter 20230403.00.0+win@1 2023-07-26T16:49:16Z
Example (full view)
gcloud compute os-config inventories list \ --location=us-central1-c \ --view=full
The output is similar to the following:
INSTANCE_ID INSTANCE_NAME OS INSTALLED_PACKAGES AVAILABLE_PACKAGES OSCONFIG_AGENT_VERSION UPDATE_TIME 29255009728795105 vm1-centos CentOS Linux 7 (Core) 334 2 20230504.00-g1.el7 2023-07-26T16:53:49Z 5932621394110773366 vm2-rhel8 Red Hat Enterprise Linux 8.8 (Ootpa) 410 138 20230504.00-g1.el8 2023-07-26T16:55:33Z 7127836223366142250 vm3-windows Microsoft Windows Server 2022 Datacenter 36 6 20230403.00.0+win@1 2023-07-26T16:49:16Z
REST
To view a list of inventory data for VMs in a specific zone, create a
GET request to the
projects.locations.instances.inventories.list method.
GET https://osconfig.googleapis.com/v1/projects/PROJECT_ID/locations/ZONE/instances/–/inventories
Replace the following:
PROJECT_ID: your project IDZONE: the zone where the VMs are located
View OS inventory data from Cloud Asset Inventory
OS inventory management stores and forwards inventory and vulnerability report data to Cloud Asset Inventory. Cloud Asset Inventory is a metadata inventory service that allows you to view, monitor, and analyze assets across Google Cloud. From Cloud Asset Inventory, you can poll the information and view changes in the data.
To access OS inventory and vulnerability report data from Cloud Asset Inventory, you need to complete the following setup:
- Set up VM Manager.
- On your Google Cloud project, enable the Cloud Asset Inventory API, the Google Cloud CLI, and assign permissions.
For more information, see Viewing VM Manager data.
OS inventory management (earlier version)
If you are still using the earlier version of OS inventory management, expand the following section to review the instructions for the Google Cloud CLI.
OS inventory management (earlier version)
List VMsTo view the list of VMs that have OS inventory management set up, run the instances
os-inventory list-instances command.
For example, to list all the VMs that have inventory data, run the following command:
gcloud compute instances os-inventory list-instances
The output is similar to the following:
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS inventory-instance us-east1-b e2-standard-2 192.0.2.1 RUNNING instance-inventory1 us-west1-b e2-standard-2 192.0.2.2 RUNNING instance-inventory2 asia-east2-b e2-standard-2 192.0.2.3 RUNNING
You can also use filters to narrow down your results. For example, you can
list all VMs that have OS inventory management set up and whose hostname matches
the regex instance-* by running the following command:
gcloud compute instances os-inventory list-instances
--inventory-filter="Hostname~instance-*"
The output is similar to the following:
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS inventory-instance us-east1-b e2-standard-2 192.0.2.1 RUNNING instance-inventory1 us-west1-b e2-standard-2 192.0.2.2 RUNNING instance-inventory2 asia-east2-b e2-standard-2 192.0.2.3 RUNNINGView inventory data
To view the inventory data for your VM, use the instances
os-inventory describe command.
To view the inventory data collected for a VM, run the following command:
gcloud compute instances os-inventory describe VM_NAME \
--zone=ZONE
Replace the following:
VM_NAME: the name of your VMZONE: the zone where the VM is located
To view the types of output details that are returned, review Information provided by OS inventory management.
What's next
- View vulnerability reports for your operating systems.
- Learn more about OS inventory management.